aws_user_creation

This role creates an AWS IAM username and a corresponding IAM Access Key ID and Secret Access Key in the targeted AWS account.

Prerequisites

To run this role successfully you must have already installed the AWS CLI. You also need AWS user credentials configured, either via the aws configure command or by exporting the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables with your corresponding AWS username credentials prior to running this role.

Role Variables

aws_username

AWS Username.

  • Required.
  • Environment Variable: AWS_USERNAME
  • Default Value: None

aws_username_create_access_key_flag

Flag that defines if IAM Access Key ID and Secret Access Key should be created for the AWS Username. If set to False, then only the AWS Username will be created but no IAM Access Key ID and Secret Access Key.

  • Optional
  • Environment Variable: AWS_USERNAME_CREATE_ACCESS_KEY_FLAG
  • Default Value: True.

aws_username_access_key_id

Defines an existing IAM Access Key ID for your AWS username. If both aws_username_access_key_id and aws_username_secret_access_key are defined, then aws_username_create_access_key_flag will be automatically forced to False. If you want to create a new pair of credentials for the username, do not set this property.

  • Optional
  • Environment Variable: AWS_USERNAME_ACCESS_KEY_ID
  • Default Value: None.

aws_username_secret_access_key

Defines an existing IAM Secret Access Key for your AWS username. If both aws_username_access_key_id and aws_username_secret_access_key are defined, then aws_username_create_access_key_flag will be automatically forced to False. If you want to create a new pair of credentials for the username, do not set this property.

  • Optional
  • Environment Variable: AWS_USERNAME_SECRET_ACCESS_KEY
  • Default Value: None.

aws_policy_arn

If set, the role attaches the corresponding policy to the AWS username's permissions.

  • Optional
  • Environment Variable: AWS_POLICY_ARN
  • Default Value: None.

Example Playbook

After installing the Ansible Collection you can include this role in your own custom playbooks.

- hosts: localhost
  vars:
    aws_username: "{{ lookup('env', 'AWS_USERNAME') }}"
    aws_username_create_access_key_flag: "{{ lookup('env', 'AWS_USERNAME_CREATE_ACCESS_KEY_FLAG') }}"
    aws_policy_arn: "{{ lookup('env', 'AWS_POLICY_ARN') }}"
  roles:
    - ibm.mas_devops.aws_user_creation

Run Role Playbook

After installing the Ansible Collection you can easily run the role standalone using the run_role playbook provided.

export AWS_USERNAME=my-aws-username
export AWS_USERNAME_CREATE_ACCESS_KEY_FLAG=True
export AWS_POLICY_ARN=arn:aws:iam::my-id:policy/my-policy-name
ROLE_NAME=aws_user_creation ansible-playbook ibm.mas_devops.run_role
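
A pre-flight check for the environment variables described above, run before the playbook. This is an added example, not part of the ibm.mas_devops collection; the function names effective_create_key_flag and preflight are hypothetical, and the AdministratorAccess warning is an added least-privilege check rather than something the role enforces.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the environment variables this role reads.
# Not part of ibm.mas_devops; function names are hypothetical.

# Print the flag value the role will end up using. Per the variable
# descriptions, supplying BOTH existing-key variables forces it to False.
effective_create_key_flag() {
  if [ -n "${AWS_USERNAME_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_USERNAME_SECRET_ACCESS_KEY:-}" ]; then
    echo "False"
  else
    echo "${AWS_USERNAME_CREATE_ACCESS_KEY_FLAG:-True}"
  fi
}

# Return 0 when the inputs are consistent, 1 otherwise. Messages go to stderr
# and never include the key material itself.
preflight() {
  _pf_rc=0
  if [ -z "${AWS_USERNAME:-}" ]; then
    echo "ERROR: AWS_USERNAME is required" >&2
    _pf_rc=1
  fi
  # Only one half of an existing key pair: the override does not apply, so with
  # the flag at its default of True a new key would be created instead of reused.
  if [ "${AWS_USERNAME_ACCESS_KEY_ID:+set}" != "${AWS_USERNAME_SECRET_ACCESS_KEY:+set}" ]; then
    echo "ERROR: set both existing-key variables or neither" >&2
    _pf_rc=1
  fi
  case "${AWS_POLICY_ARN:-}" in
    "") ;;  # optional: no policy is attached
    arn:aws:iam::*:policy/?*|arn:aws-*:iam::*:policy/?*)
      case "$AWS_POLICY_ARN" in
        */AdministratorAccess)
          echo "WARN: AdministratorAccess on a user with long-lived keys" >&2 ;;
      esac ;;
    *)
      echo "ERROR: AWS_POLICY_ARN is not an IAM policy ARN" >&2
      _pf_rc=1 ;;
  esac
  return "$_pf_rc"
}

# Usage: preflight && ROLE_NAME=aws_user_creation ansible-playbook ibm.mas_devops.run_role
```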

License

EPL-2.0